THREAT MODELING FRAMEWORKS Flashcards
BELL LA PADULA MODEL
BIBA MODEL
GENERAL THREAT MODELING PRINCIPLES
PREPARATION
IDENTIFICATION
MITIGATIONS
REVIEW
STRIDE
S-spoofing
T-tampering
R-repudiation
I-Information Disclosure
D-Denial of service
E-Elevation of privilege
PASTA
THREAT INTELLIGENCE
ASSET IDENTIFICATION
MITIGATION CAPABILITIES
RISK ASSESSMENT
SPOOFING
This principle requires you to authenticate requests and users accessing a system. Spoofing involves a malicious party falsely identifying itself as another.
Access keys (such as API keys) or signatures via encryption helps remediate this threat.
TAMPERING
By providing anti-tampering measures to a system or application, you help provide integrity to the data. Data that is accessed must be kept integral and accurate.
For example, shops use seals on food products.
REPUDIATION
This principle dictates the use of services such as logging of activity for a system or application to track.
INFORMATION DISCLOSURE
Applications or services that handle information of multiple users need to be appropriately configured to only show information relevant to the owner.
DENIAL OF SERVICE
Applications and services use up system resources, these two things should have measures in place so that abuse of the application/service won’t result in bringing the whole system down.
CIA TRIAD
CONFIDENTIALITY
INTEGRITY
AVAILABILITY
ELEVATION OF PRIVILEGE
This is the worst-case scenario for an application or service. It means that a user was able to escalate their authorization to that of a higher level i.e. an administrator. This scenario often leads to further exploitation or information disclosure.
CONFIDENTIALITY
INTEGRITY
AVAILABILITY
INCIDENT
INCIDENT RESPONSE
PHASES OF INCIDENT RESPONSE
PREPARATION
IDENTIFICATION
CONTAINMENT
ERADICATION
RECOVERY
LESSONS LEARNED
PREPARATION
Do we have the resources and plans in place to deal with the security incident?
IDENTIFICATION PHASE
Has the threat and the threat actor been correctly identified in order for us to respond to?
